The cybercriminals group responsible for exploiting a zero-day vulnerability in the Accellion FTA server to steal confidential data has now claimed responsibility for breaking into a major cloud security vendor Qualys.
As evidence of access to the data, the Clop ransomware hacker site released documents allegedly containing information about Qualys customers, including purchase orders, invoices, tax documents and scan reports.
In his statement, the Director of Qualys Ben Carr Information Security said that the attackers gained access to the files hosted on the server Accellion. Qualys notified a limited number of customers affected by the unauthorized access and noted that the incident did not affect the company's production environments, codebase, or customer data hosted on Qualys' cloud platform.
“Qualys has deployed the Accellion FTA Server in an isolated DMZ environment, completely separate from the systems that host and support Qualys' communications products within our customer support system,” Qualys said.
The company has shut down the affected Accellion FTA servers and switched to alternative support-related file transfer applications. The information security firm also hired FireEye's Mandiant Incident Response Unit to investigate the incident.